Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1588803 - (CVE-2018-11813) CVE-2018-11813 libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF
CVE-2018-11813 libjpeg: "cjpeg" utility large loop because read_pixel in rdta...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180607,reported=2...
: Security
Depends On: 1588806 1588808 1591203 1588804 1588807
Blocks: 1588809
  Show dependency treegraph
 
Reported: 2018-06-07 17:18 EDT by Pedro Sampaio
Modified: 2018-06-14 05:32 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Pedro Sampaio 2018-06-07 17:18:50 EDT 
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

References:

https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c
Comment 1 Pedro Sampaio 2018-06-07 17:19:13 EDT 
Created libjpeg-turbo tracking bugs for this issue:

Affects: fedora-all [bug 1588804]
Comment 2 Pedro Sampaio 2018-06-07 17:20:38 EDT 
Created mingw-libjpeg-turbo tracking bugs for this issue:

Affects: epel-7 [bug 1588806]
Affects: fedora-all [bug 1588808]
Comment 4 Stefan Cornelius 2018-06-14 05:07:54 EDT 
Patch (libjpeg-turbo):
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499

The following section in the upstream changelog entry is noteworthy:
"[...] Because this issue only affected cjpeg and not the underlying library, and because it did not involve any out-of-bounds reads or other exploitable behaviors, it was not believed to represent a security threat."
Comment 6 Stefan Cornelius 2018-06-14 05:31:38 EDT 
Statement:

This issue affects the versions of libjpeg as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of libjpeg-turbe as shipped with Red Hat Enterprise Linux 6 and 7. However, the problem is limited to the "cjpeg" utility and does not affect the library itself.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.